101
0/228
Loading content...
The journey from a cold, powered-off diskless workstation to a fully operational system with a login prompt is a remarkable orchestration of protocols, each dependent on the successful completion of those before it. This process, refined over decades of networked computing, represents one of the most elegant applications of the layered protocol approach.\n\nA diskless workstation has no local storage—no hard drive, no SSD, no flash memory for the operating system. Everything it needs must come from the network. Yet within 15-60 seconds of power-on, the screen displays a login prompt, the keyboard responds, and the user can begin working. How does this transformation occur?\n\nThis page traces the complete bootstrap pathway, from the initial electrical pulse through the network cable to the execution of the first user-space process.
By the end of this page, you will understand the complete boot sequence from power-on to operating system, the role of each protocol (BOOTP/DHCP, TFTP, NFS) in the process, how Boot ROMs are structured and execute, the kernel loading and initialization sequence, and common failure points and troubleshooting approaches for each phase.
The bootstrap process begins in hardware. Every network-bootable system contains a Boot ROM (also called a Boot PROM, Option ROM, or PXE ROM)—a small piece of persistent memory containing just enough code to initiate the network boot process.\n\nPhysical Implementation:\n\n| Era | Technology | Typical Size | Reprogrammability |\n|-----|------------|--------------|-------------------|\n| 1980s | PROM | 8-32 KB | None (fused) |\n| 1990s | EPROM | 32-128 KB | UV erasable |\n| 2000s | Flash | 128-512 KB | Electrically programmable |\n| Modern | Integrated | 1-4 MB | Firmware update via software |\n\nBoot ROM Contents:\n\n1. POST diagnostics: Basic hardware checks\n2. NIC initialization: Configure the network interface\n3. Protocol stacks: Minimal implementations of required protocols\n4. User interface: Status display, configuration menu\n5. Boot logic: Decision making for boot source selection
Protocol Stack in Boot ROM:\n\nA typical Boot ROM includes minimal implementations of:\n\n\n+-------------------+\n| Boot Logic | <- Orchestrates the boot process\n+-------------------+\n| TFTP Client | <- Downloads boot image\n+-------------------+\n| BOOTP/DHCP | <- Obtains IP configuration\n+-------------------+\n| UDP | <- Transport for BOOTP/TFTP\n+-------------------+\n| IP | <- Network layer\n+-------------------+\n| ARP | <- Address resolution\n+-------------------+\n| Ethernet Driver | <- NIC-specific driver\n+-------------------+\n| Hardware Init | <- NIC initialization\n+-------------------+\n\n\nConstraints on Boot ROM Code:\n\n| Constraint | Implication |\n|------------|-------------|\n| Minimal RAM | Cannot buffer large amounts of data |\n| No disk | Cannot save state or cache anything |\n| Simple CPU | No complex algorithms or crypto |\n| Limited ROM size | Must be extremely efficient |\n| No OS services | All code must be self-contained |
Preboot eXecution Environment (PXE), standardized by Intel, is the modern evolution of network boot ROMs. PXE standardizes the boot process, defines a specific API for boot loaders, and is integrated into virtually all modern x86 network interfaces and BIOS/UEFI firmware. When you enable 'Network Boot' in a modern system's BIOS, you're activating PXE.
The first network task is obtaining an IP address and boot configuration. This phase uses BOOTP (or DHCP in modern environments) to transform the workstation from 'knows nothing' to 'knows enough to download its operating system.'\n\nPre-BOOTP State:\n- Has: MAC address, boot ROM code\n- Needs: IP address, subnet mask, gateway, boot server, boot filename\n\nBOOTP Request/Reply Exchange:
=== BOOTP Exchange (Captured with Wireshark) === Frame 1: BOOTREQUEST----------------------------------------Ethernet II Destination: ff:ff:ff:ff:ff:ff (Broadcast) Source: 00:1a:2b:3c:4d:5e Type: IPv4 (0x0800)Internet Protocol Version 4 Source: 0.0.0.0 Destination: 255.255.255.255User Datagram Protocol Source Port: 68 Destination Port: 67Bootstrap Protocol (Request) Message type: Boot Request (1) Hardware type: Ethernet (0x01) Hardware address length: 6 Hops: 0 Transaction ID: 0x12345678 Seconds elapsed: 0 Flags: 0x8000 (Broadcast) Client IP address: 0.0.0.0 Your (client) IP address: 0.0.0.0 Next server IP address: 0.0.0.0 Relay agent IP address: 0.0.0.0 Client MAC address: 00:1a:2b:3c:4d:5e Server host name: (empty) Boot file name: (empty) Magic cookie: DHCP (0x63825363) Frame 2: BOOTREPLY----------------------------------------Ethernet II Destination: 00:1a:2b:3c:4d:5e Source: 00:aa:bb:cc:dd:eeInternet Protocol Version 4 Source: 192.168.1.1 Destination: 192.168.1.100Bootstrap Protocol (Reply) Message type: Boot Reply (2) Transaction ID: 0x12345678 Your (client) IP address: 192.168.1.100 Next server IP address: 192.168.1.1 Client MAC address: 00:1a:2b:3c:4d:5e Boot file name: /tftpboot/pxelinux.0 Magic cookie: DHCP Option 1: Subnet Mask (255.255.255.0) Option 3: Router (192.168.1.1) Option 6: DNS (8.8.8.8) Option 255: EndPost-BOOTP State:\n\nAfter a successful BOOTP exchange, the client now knows:\n\n| Information | Source | Example Value |\n|-------------|--------|---------------|\n| IP Address | yiaddr | 192.168.1.100 |\n| Subnet Mask | Option 1 | 255.255.255.0 |\n| Default Gateway | Option 3 | 192.168.1.1 |\n| TFTP Server | siaddr | 192.168.1.1 |\n| Boot Filename | file | /tftpboot/pxelinux.0 |\n| DNS Server | Option 6 | 8.8.8.8 |\n\nAddress Configuration:\n\nThe Boot ROM configures the minimal IP stack:\n\n1. Set IP address to 192.168.1.100\n2. Set subnet mask to 255.255.255.0\n3. Add default route via 192.168.1.1\n4. Populate ARP table with known addresses\n\nWith this configuration, the workstation can now communicate with the TFTP server to download its boot image.
The IP stack in a Boot ROM is intentionally minimal. It typically supports only UDP (not TCP), limited ARP cache, no IP fragmentation/reassembly, and no advanced routing. These limitations constrain what can be done during boot—TFTP's simplicity (UDP-based, 512-byte blocks) makes it ideal for this environment.
With address configuration complete, the next phase is downloading the boot image using TFTP (Trivial File Transfer Protocol). TFTP was designed specifically for this use case—it's simple enough to implement in a Boot ROM while capable of transferring multi-megabyte files.\n\nWhy TFTP, Not FTP or HTTP?\n\n| Protocol | Size | Transport | Authentication | Boot ROM Suitable? |\n|----------|------|-----------|----------------|-------------------|\n| TFTP | ~500 bytes | UDP | None | ✓ Yes |\n| FTP | ~10 KB | TCP | Optional | ✗ No (too complex) |\n| HTTP | ~5 KB | TCP | Various | ✗ No (TCP required) |\n| NFS | ~2 KB | UDP/TCP | Various | ✓ Sometimes used |
TFTP Operation:\n\nTFTP uses a simple read request / data / acknowledgment pattern:\n\n1. Client sends Read Request (RRQ) for boot filename\n2. Server sends Data block 1 (512 bytes)\n3. Client sends Acknowledgment for block 1\n4. Server sends Data block 2\n5. Client sends Acknowledgment for block 2\n6. ... repeat until final block (< 512 bytes)\n\nTFTP Packet Types:\n\n| Opcode | Type | Purpose |\n|--------|------|---------|\n| 1 | RRQ | Read Request - request file download |\n| 2 | WRQ | Write Request - request file upload |\n| 3 | DATA | Data block with sequence number |\n| 4 | ACK | Acknowledgment of data block |\n| 5 | ERROR | Error notification |
Transfer Time Calculation:\n\nFor a 4 MB boot image on a 100 Mbps network:\n\n\nFile size: 4 MB = 4,194,304 bytes\nBlock size: 512 bytes\nNumber of blocks: 4,194,304 / 512 = 8,192 blocks\n\nPer-block transfer (100 Mbps):\n - Data packet: 512 bytes = ~41 microseconds\n - ACK packet: ~20 bytes = ~1.6 microseconds\n - Round-trip latency: ~1 millisecond (typical LAN)\n - Per-block time: ~1-2 milliseconds\n\nTotal transfer time: 8,192 × 2 ms ≈ 16 seconds\n\nWith modern optimizations (TFTP options):\n - Block size: 1428 bytes (max without fragmentation)\n - Number of blocks: ~2,937\n - Transfer time: ~6 seconds\n\n\nTFTP Options (RFC 2347, 2348, 2349):\n\n| Option | Purpose | Improvement |\n|--------|---------|-------------|\n| blksize | Larger block size | Fewer round-trips |\n| tsize | Transfer size | Client can allocate memory |\n| timeout | Retry timeout | Adaptive to network |\n| windowsize | Multiple blocks before ACK | Pipelining |
Modern PXE boot often uses a two-stage process: First, a small boot loader (like pxelinux.0 at ~40KB) is downloaded. This boot loader has a richer user interface and can parse configuration files, display menus, and then download the actual kernel and initramfs. This approach provides flexibility without requiring complex Boot ROM code.
Boot Image Types:\n\n| Platform | Boot Image | Typical Size |\n|----------|------------|--------------|\n| x86 BIOS/PXE | pxelinux.0 | 40 KB (loader) |\n| x86 UEFI | grubx64.efi | 500 KB (loader) |\n| Sun SPARC | kernel (vmlinuz) | 2-5 MB |\n| ARM | uImage/zImage | 2-10 MB |\n| Any (with initrd) | initramfs | 5-50 MB |\n\nMemory Loading:\n\nAs blocks arrive, the Boot ROM loads them into specific memory locations:\n\n\nMemory Layout (x86 example):\n+------------------+ 0x00000000\n| Interrupt Table |\n+------------------+ 0x00000400\n| BIOS Data Area |\n+------------------+ 0x00000500\n| Free (boot image)| <- TFTP data loaded here\n+------------------+ 0x0007FFFF\n| ... |\n+------------------+ 0x00100000\n| Extended Memory | <- Large images loaded here\n+------------------+\n
Once the boot image is loaded into memory, the Boot ROM transfers control to it. This marks a transition from the simple, constrained Boot ROM environment to a more capable boot loader that can download additional files and present configuration options.\n\nThe Boot Handoff:\n\n\nBoot ROM execution flow:\n1. Download boot image via TFTP\n2. Verify image integrity (checksum if supported)\n3. Set up execution environment\n4. Jump to boot image entry point\n5. Boot ROM code no longer executes\n\n\nInformation Passed to Boot Loader:\n\nThe Boot ROM typically communicates configuration to the boot loader via:\n\n| Method | Information | Usage |\n|--------|-------------|-------|\n| Registers | Entry point, memory map | CPU-specific |\n| Memory structures | Network config, hardware info | PXE API |\n| Environment variables | Boot parameters | Some platforms |
Common Network Boot Loaders:\n\nPXELINUX (Syslinux project):\n- Standard for x86 BIOS systems\n- Reads configuration from pxelinux.cfg/ directory\n- Supports menus, kernel parameters, automated boot\n- Downloads kernel and initrd via TFTP\n\nGRUB2 (for UEFI):\n- Modern boot loader with PXE support\n- Reads grub.cfg configuration\n- Supports multiple file systems, protocols\n- Can use HTTP, TFTP, or other protocols\n\niPXE (Enhanced PXE):\n- Replaces vendor PXE with extended capabilities\n- Scripts, HTTP/HTTPS support, iSCSI boot\n- Can be loaded as a boot image itself
1234567891011121314151617181920212223242526
# /tftpboot/pxelinux.cfg/default# PXE Boot Menu Configuration DEFAULT menu.c32PROMPT 0TIMEOUT 100MENU TITLE Network Boot Menu LABEL linux MENU LABEL ^Linux (Ubuntu 22.04) KERNEL ubuntu/vmlinuz APPEND initrd=ubuntu/initrd.img ip=dhcp root=/dev/nfs nfsroot=192.168.1.1:/export/ubuntu rw LABEL centos MENU LABEL ^CentOS Stream 9 KERNEL centos/vmlinuz APPEND initrd=centos/initrd.img ip=dhcp inst.repo=http://192.168.1.1/centos LABEL localboot MENU LABEL Boot from local ^disk LOCALBOOT 0 LABEL rescue MENU LABEL ^Rescue Environment KERNEL rescue/vmlinuz APPEND initrd=rescue/initrd.img ip=dhcp rescuePXELINUX searches for configuration files in a specific order: (1) by client's UUID, (2) by MAC address (prefixed with 01-), (3) by IP address in hex (progressively shorter), and finally (4) 'default'. This allows per-machine configurations while providing fallbacks. For MAC 00:1A:2B:3C:4D:5E, it looks for 01-00-1a-2b-3c-4d-5e first.
Boot Loader Tasks:\n\n1. Parse configuration: Read menu options and kernel parameters\n2. Display menu (optional): Allow user selection\n3. Download kernel: Fetch vmlinuz or equivalent\n4. Download initramfs: Fetch initial ramdisk\n5. Set up kernel parameters: Command line arguments\n6. Load and execute kernel: Pass control to the OS
When the boot loader transfers control to the kernel, a new phase begins. The kernel must initialize the system, configure networking, and mount its root filesystem—all without any local storage.\n\nKernel Boot Parameters for Network Boot:\n\n\nvmlinuz initrd=initrd.img ip=dhcp root=/dev/nfs \\\n nfsroot=192.168.1.1:/export/client1 rw\n\n\nParameter Reference:\n\n| Parameter | Purpose | Example |\n|-----------|---------|---------|\n| ip=dhcp | Use DHCP for IP configuration | ip=dhcp |\n| ip=static | Static IP configuration | ip=192.168.1.100::192.168.1.1:255.255.255.0:host:eth0:off |\n| root=/dev/nfs | Root filesystem is NFS | root=/dev/nfs |\n| nfsroot= | NFS server and path | nfsroot=192.168.1.1:/export/root |\n| rw / ro | Mount read-write or read-only | rw |\n| init= | Alternative init program | init=/bin/bash |
Kernel Initialization Sequence:\n\n1. Decompress kernel (if compressed)\n2. Initialize CPU and memory management\n3. Initialize core subsystems (interrupts, timers, etc.)\n4. Initialize device drivers (from initramfs)\n5. Configure network interface (from kernel parameters or DHCP)\n6. Mount root filesystem (NFS for diskless)\n7. Execute init (systemd, sysvinit, etc.)\n\nThe Initramfs Role:\n\nFor network boot, the initramfs (initial RAM filesystem) is critical. It contains:\n\n- Network drivers for the NIC\n- NFS client code\n- DHCP client\n- Scripts to configure networking and mount NFS root\n\n\nInitramfs contents (simplified):\n/\n├── bin/\n│ ├── busybox\n│ └── sh -> busybox\n├── etc/\n├── init (initialization script)\n├── lib/\n│ └── modules/ (network driver .ko files)\n├── proc/\n├── sys/\n└── sbin/\n └── mount.nfs\n
On modern Linux systems, Dracut generates initramfs images. For network boot, include the network modules: 'dracut --add network --add nfs' generates an initramfs with NFS root support. The dracut-network module handles IP configuration, and the nfs module provides NFS mount capabilities during early boot.
NFS Root Mount:\n\nThe kernel (via initramfs) mounts the NFS-exported root filesystem:\n\n\nmount -t nfs -o vers=4,rw 192.168.1.1:/export/client1 /sysroot\n\n\nNFS Export Configuration (Server Side):\n\n\n# /etc/exports on NFS server\n/export/client1 192.168.1.100(rw,sync,no_root_squash,no_subtree_check)\n/export/client2 192.168.1.101(rw,sync,no_root_squash,no_subtree_check)\n/export/shared 192.168.1.0/24(ro,sync,no_subtree_check)\n\n\nCritical Export Options:\n\n| Option | Purpose |\n|--------|---------|\n| rw | Read-write access |\n| no_root_squash | Allow root operations (needed for boot) |\n| sync | Synchronous writes for safety |\n| no_subtree_check | Performance optimization |
Let's trace through a complete network boot with realistic timings. This timeline assumes a modern 1 Gbps network with optimized configurations.
| Time | Phase | Activity | Duration |
|---|---|---|---|
| T+0.0s | Power-on | Hardware POST begins | 1-3 seconds |
| T+3.0s | Boot ROM | NIC initialization | 0.5 seconds |
| T+3.5s | DHCP/BOOTP | Broadcast request | < 100 ms |
| T+3.6s | DHCP/BOOTP | Receive reply | < 100 ms |
| T+3.7s | TFTP | Request boot loader | < 100 ms |
| T+4.0s | TFTP | Download boot loader (40KB) | < 500 ms |
| T+4.5s | Boot Loader | Parse configuration | < 500 ms |
| T+5.0s | TFTP | Download kernel (5MB) | 1-2 seconds |
| T+7.0s | TFTP | Download initramfs (30MB) | 3-5 seconds |
| T+12.0s | Kernel | Kernel starts, hardware init | 2-3 seconds |
| T+15.0s | Kernel | Network reconfiguration | 1 second |
| T+16.0s | NFS | Mount root filesystem | 1-2 seconds |
| T+18.0s | Init | System initialization | 5-15 seconds |
| T+30.0s | Complete | Login prompt |
Factors Affecting Boot Time:\n\n| Factor | Impact | Optimization |\n|--------|--------|--------------|\n| Network speed | File transfer time | Use 1 Gbps or faster |\n| Switch port config | STP delay at boot | Enable PortFast |\n| DHCP server speed | Address acquisition | Use fast server, local |\n| Boot image size | Download time | Minimize initramfs |\n| NFS server latency | Root mount time | Use local NFS server |\n| Init system | Startup services | Disable unnecessary services |\n\nCommon Bottlenecks:\n\n1. Spanning Tree: Can add 30-50 seconds if PortFast not enabled\n2. Large initramfs: Every MB adds ~1 second on 100 Mbps\n3. Slow NFS: Remote NFS across WAN dramatically slows boot\n4. Complex init: Many startup services extend boot time
The most common cause of 'slow network boot' is Spanning Tree Protocol. When a switch port transitions from blocking to forwarding, it goes through Listening (15s) and Learning (15s) states. PortFast skips these states for edge ports. Without PortFast, expect 30+ seconds of delay before any network traffic flows—the client appears hung with no NIC activity.
Network boot involves multiple components that must all work correctly. Systematic troubleshooting identifies the failing phase.\n\nFailure Point Identification:
| Symptom | Likely Phase | Diagnostic Steps |
|---|---|---|
| No NIC activity LED | Hardware/Boot ROM | Check NIC, reseat card, verify ROM enabled |
| NIC blinks but no IP | DHCP/BOOTP | Verify DHCP server, check VLAN, capture traffic |
| IP acquired but TFTP fails | TFTP | Check TFTP server, verify filename, test manually |
| Boot loader error | Boot Loader | Check config file syntax, verify kernel path |
| Kernel panic | Kernel | Check kernel parameters, verify initramfs |
| NFS mount fails | NFS | Verify exports, check permissions, test mount |
Diagnostic Tools:\n\n1. Packet Capture (Wireshark/tcpdump):\nbash\n# Capture all BOOTP/DHCP and TFTP traffic\ntcpdump -i eth0 -w boot-capture.pcap \\\n 'port 67 or port 68 or port 69'\n\n\n2. TFTP Testing:\nbash\n# Manual TFTP test from another machine\ntftp 192.168.1.1\n> get /tftpboot/pxelinux.0\n> quit\n\n\n3. NFS Testing:\nbash\n# Check NFS exports\nshowmount -e 192.168.1.1\n\n# Test mount\nmount -t nfs 192.168.1.1:/export/root /mnt/test\n\n\n4. DHCP Server Logs:\nbash\n# ISC DHCP server logs\njournalctl -u isc-dhcp-server -f\n\n# Check for lease assignments\ncat /var/lib/dhcp/dhcpd.leases\n
We have traced the complete journey from power-on to operating system. Let's consolidate the key phases and concepts:
What's Next:\n\nIn the final page of this module, we will explore the historical context and evolution of bootstrap protocols—from RARP through BOOTP to modern DHCP. Understanding this evolution illuminates why protocols work the way they do and provides insight into the design decisions that shaped modern network auto-configuration.
You now understand the complete network bootstrap process from power-on to login prompt. You can trace data flow through each phase, identify common failure points, and apply systematic troubleshooting techniques. This knowledge is essential for deploying and maintaining diskless systems, thin clients, and modern infrastructure automation.